Read the original text at 112.ua.
Ukraine’s Security Service (SBU) says in a press release that, on the eve of the UEFA Champions League final in Kyiv, Russia is preparing a possible powerful cyber attack against Ukrainian state structures.
SBU cybersecurity specialists are studying the next possible wave of mass attacks against devices deployed in Ukraine.
The malicious software that the hackers can use is called VPNFilter.
The SBU says that such attacks have been recorded a few times around the world since 2016. According to the information received, this time the attack is geographically focused specifically on the Ukrainian segment of the Internet.
The findings of the forensic study show that the VPNFilter virus software allows attackers to intercept all traffic passing through the affected device (including authorization data and personal data of payment systems), collect and download information, remotely control the infected device, and even disable it.
Experts of the Security Service of Ukraine believe that the infection of equipment on the territory of Ukraine is a preparation for the next act of Russian cyber aggression, aimed at destabilizing the situation in the country during the Champions League final.
This is also evidenced by the fact that the planned cyber attack mechanism coincides with the techniques that were used in 2015-2016 during the BlackEnergy cyberattack. It is noted that law enforcers are already involved in neutralizing the threat. The SBU stresses that unless owners eliminate the vulnerabilities in their end devices, it is impossible to prevent new waves of such cyber attacks.
Taking into account the possible risks, the SBU and the National Police have informed potential "victims" of the attack, in particular, the relevant infrastructure facilities and public authorities.
To prevent loss of information and interference in the operation of network devices, and to avert the negative consequences of these devices being compromised by malicious software, SBU cybersecurity specialists strongly recommend the following measures:
- Users and owners of home routers, wireless routers for small offices and network file storage must immediately restart them in order to remove potentially dangerous malicious program modules from the device;
- If the routers are customer devices managed by an Internet service provider, the provider should reboot them remotely;
- If there is reason to consider any device in the local network affected by this type of malicious software, immediately update its firmware to the latest version;
- If the operating system of the network device provides access to its file system, check for files in the directories "var/run/vpnfilterw", "var/run/tor", "var/run/torrc", "var/run/tord" and delete their contents.
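The file-system check in the last recommendation can be scripted. The following is an added example, not part of the SBU advisory: a POSIX shell function (the name `vpnf_check` and its arguments are hypothetical) that looks for the four listed paths under a given root and clears them only when asked. It assumes the paths are absolute, that is, located below `/var/run`.

```shell
#!/bin/sh
# Added example, not from the SBU advisory. The four paths are the ones the
# advisory names; treating them as absolute (/var/run/...) is an assumption.
VPNF_PATHS="var/run/vpnfilterw var/run/tor var/run/torrc var/run/tord"

# vpnf_check ROOT [clean]
#   ROOT  - "/" on the live device, or the mount point of an extracted image
#   clean - optional; delete the contents of whatever was found
# Prints one line per hit. Returns 0 if nothing was found, 1 otherwise.
# Usage: vpnf_check /        (report only)
#        vpnf_check / clean  (report, then delete contents)
vpnf_check() {
    root=${1:-/}
    mode=${2:-report}
    found=0
    for rel in $VPNF_PATHS; do
        p="${root%/}/$rel"
        # -e is false for a dangling symlink, so test -L as well
        if [ -e "$p" ] || [ -L "$p" ]; then
            found=1
            if [ -d "$p" ] && [ ! -L "$p" ]; then
                n=$(ls -A "$p" | wc -l | tr -d ' ')
                echo "FOUND dir  $p ($n entries)"
                if [ "$mode" = clean ]; then
                    # empty the directory (dotfiles included), keep the directory
                    ( cd "$p" && rm -rf -- ./* ./.[!.]* ./..?* )
                fi
            else
                echo "FOUND file $p"
                if [ "$mode" = clean ]; then
                    rm -f -- "$p"
                fi
            fi
        fi
    done
    return $found
}
```

Run it in report mode first and keep the output before using `clean`, so there is a record of what was present on the device.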
As reported earlier, a large wave of cyber attacks by the NotPetya virus occurred on June 27, 2017. The extortion virus, which demanded bitcoins for unlocking computers, affected many Ukrainian sites: Boryspil, Ukrposhta, Ukrtelecom, and a number of ministries and banking systems. In the UK, dozens of organizations suffered from the virus, including postal services, as well as advertising, legal, logistical, and financial companies.